2023 Data Breaches
Bed Bath & Beyond
Bed Bath & Beyond Inc reported a third party had improperly accessed its data through a phishing scam by accessing the hard drive of one of its employees. They are reviewing the data accessed to determine whether the drives contained any sensitive or personally identifiable information.
U.S. Bank reported that the personal information of about 11K customers was accidentally shared by one of the bank's third-party vendors. The data accessed included names, Social Security numbers, closed account numbers, and outstanding balances.
It was recently reported that the cloud communications company, Twilio was breached twice, not once, this past summer due to phishing attacks that combined led to the access of hundreds of customers' data. In August, Twilio originally announced that its internal systems had been breached but in an update last week, Twilio said it and a forensic firm had conducted an "extensive investigation" into the August incident and confirmed the attack vector was indeed via compromised employees' credentials.
Shas Party Election Campaign
The Shas party election campaign has reported that a hack exposed sensitive personal details of millions of citizens with the right to vote in the Israeli elections to be held this coming Tuesday.
The breach was revealed following an anonymous leak received on the CyberCyber podcast of Ido Kenan and Noam Rotem. The breach was based on a known four-year-old weakness in an online system debugging tool, which could be easily exploited.
Australian Defence Force
Australian Defence Force confirms hackers have attacked an external IT provider used by military personnel and Defence department public servants. A spokeswoman for Defence Minister Richard Marles confirmed to NCA NewsWire a breach had taken place on the ForceNet service.